Home

Description

dizqueTV 1.5.3 contains a remote code execution vulnerability that allows attackers to inject arbitrary commands through the FFMPEG Executable Path settings. Attackers can modify the executable path with shell commands to read system files like /etc/passwd by exploiting improper input validation.

PUBLISHED Reserved 2025-12-10 | Published 2025-12-11 | Updated 2025-12-15 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status
unaffected

1.5.3
affected

Credits

Ahmed Said Saud Al-Busaidi finder

References

www.exploit-db.com/exploits/52079 (ExploitDB-52079) exploit

github.com/vexorian/dizquetv (DizqueTV GitHub Repository) product

www.vulncheck.com/...de-execution-via-ffmpeg-executable-path (VulnCheck Advisory: dizqueTV 1.5.3 Remote Code Execution via FFMPEG Executable Path) third-party-advisory

cve.org (CVE-2024-58286)

nvd.nist.gov (CVE-2024-58286)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.